Filtered by vendor Sqlite
Subscriptions
Total
58 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-8740 | 2 Debian, Sqlite | 2 Debian Linux, Sqlite | 2024-08-05 | N/A |
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. | ||||
CVE-2019-20218 | 5 Canonical, Debian, Oracle and 2 more | 5 Ubuntu Linux, Debian Linux, Mysql Workbench and 2 more | 2024-08-05 | 7.5 High |
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. | ||||
CVE-2019-19959 | 3 Canonical, Redhat, Sqlite | 3 Ubuntu Linux, Enterprise Linux, Sqlite | 2024-08-05 | 7.5 High |
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. | ||||
CVE-2019-19924 | 6 Apache, Netapp, Oracle and 3 more | 6 Bookkeeper, Cloud Backup, Mysql Workbench and 3 more | 2024-08-05 | 5.3 Medium |
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. | ||||
CVE-2019-19926 | 8 Debian, Netapp, Opensuse and 5 more | 13 Debian Linux, Cloud Backup, Backports Sle and 10 more | 2024-08-05 | 7.5 High |
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. | ||||
CVE-2019-19925 | 8 Debian, Netapp, Opensuse and 5 more | 14 Debian Linux, Cloud Backup, Backports Sle and 11 more | 2024-08-05 | 7.5 High |
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | ||||
CVE-2019-19923 | 8 Debian, Netapp, Opensuse and 5 more | 14 Debian Linux, Cloud Backup, Backports Sle and 11 more | 2024-08-05 | 7.5 High |
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). | ||||
CVE-2019-19880 | 8 Debian, Netapp, Opensuse and 5 more | 13 Debian Linux, Cloud Backup, Backports Sle and 10 more | 2024-08-05 | 7.5 High |
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | ||||
CVE-2019-19645 | 5 Netapp, Oracle, Siemens and 2 more | 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more | 2024-08-05 | 5.5 Medium |
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | ||||
CVE-2019-19646 | 5 Netapp, Oracle, Siemens and 2 more | 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more | 2024-08-05 | 9.8 Critical |
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. | ||||
CVE-2019-19603 | 6 Apache, Netapp, Oracle and 3 more | 7 Guacamole, Cloud Backup, Ontap Select Deploy Administration Utility and 4 more | 2024-08-05 | 7.5 High |
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. | ||||
CVE-2019-19317 | 4 Netapp, Oracle, Siemens and 1 more | 5 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 2 more | 2024-08-05 | 9.8 Critical |
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. | ||||
CVE-2019-19244 | 4 Canonical, Oracle, Siemens and 1 more | 4 Ubuntu Linux, Mysql Workbench, Sinec Infrastructure Network Services and 1 more | 2024-08-05 | 7.5 High |
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. | ||||
CVE-2019-19242 | 5 Canonical, Oracle, Redhat and 2 more | 5 Ubuntu Linux, Mysql Workbench, Enterprise Linux and 2 more | 2024-08-05 | 5.9 Medium |
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. | ||||
CVE-2019-16168 | 9 Canonical, Debian, Fedoraproject and 6 more | 21 Ubuntu Linux, Debian Linux, Fedora and 18 more | 2024-08-05 | 6.5 Medium |
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." | ||||
CVE-2019-9937 | 1 Sqlite | 1 Sqlite | 2024-08-04 | N/A |
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. | ||||
CVE-2019-9936 | 1 Sqlite | 1 Sqlite | 2024-08-04 | N/A |
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. | ||||
CVE-2019-8457 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 5 Ubuntu Linux, Fedora, Leap and 2 more | 2024-08-04 | 9.8 Critical |
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. | ||||
CVE-2019-5018 | 3 Canonical, Redhat, Sqlite | 3 Ubuntu Linux, Enterprise Linux, Sqlite | 2024-08-04 | 8.1 High |
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. | ||||
CVE-2020-35527 | 3 Netapp, Redhat, Sqlite | 3 Ontap Select Deploy Administration Utility, Enterprise Linux, Sqlite | 2024-08-04 | 9.8 Critical |
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. |